Method of securely inviting users to setup account

I'm working on a web based system (PHP & MySQL) that has users who can log in. The problem is that all this has to be very secure. Now, I've read up on how to store passwords, we use an encrypted connection and lots of other safety measures are taken.

The last problem I need to solve is that the administrator who sets up accounts (ie. enters names and e-mail addresses) has to invite users to the application. He needs to be able send out a generated e-mail to a new user containing a link. If the user clicks that link he will be taken to the system and he will have to set up his password. What are best practices in sending these kinds of e-mails? I'm aware that I should use some sort of hash consisting of information about the particular user in order to make sure that the user who is at the page is actually the user that has clicked on the link. What other measures should I take?

Or would it be better to auto-generate a rando开发者_开发百科m password, e-mail that to the new user and let him change it after his first login?

IMO the best method would be to not generate a password but only a random hash which can be stored in either a separate table or with the users table. Following can be used as structures of tables:

users:
userid
name
email
password //any hashing technique you prefer
isactive //bool always false when user is created

invites:
inviteid
userid
hash
reinvitesent //boolean
senton

Now whenever a user is added, the information is stored in the users table and an entry is generated in invites. The email that is sent contains a link like https://yoursite.com/user/activate.php?userid=x&hash=7a657ab435f4543543543543 If the userid and hash match, you ask the user to choose his/her password. If the password change is successful you change isactive to true.

A user account cannot be used unless the isactive value is true i.e. your queries will be of type 'SELECT fields FROM users WHERE userid = $userid AND isactive = 1'. Also you may use the senton value in invites to check if a user has not accepted an invite, you may then send an email with the link again(let's say after 3 days) and an option to decline the invite. If you still don't get the user's reply in 3 days, you automatically delete the invite.

For safety measures, generation of a random awesome password by the program is best. The user may change it as they see fit, but you've done your part in securing the app.

As same as the first answer but have some different on db structure and the way you process it.

Table users: userId, username, password, email, isActive (optional), invitationCount, inviteId.
Table invites: inviteId, inviteUserId, inviteHash, isValid, inviteProcessTime.

The link to new user will be: http://yoursite.com/invite.php?code={inviteHash}

inviteHash you can easily generate using current time or combination with userId.

inviteHash = md5(time().$userId);

When the user click on the link, we check this hash from db. if it does exist and it status isValid = 1 (mean this link not yet used before). Then you process to the register page. This step new user can input any data they want. If they success create new account then update isValid=0 and inviteProcessTime=CURRENT_TIMESTAMP then no one can use this link in the future also we can track what time this was actived

invitationCount field in table users helps you to manage and limit invitation time of each user. users.inviteId help you to track registration date and invitation owner.